Menu
Posted: Nov 29, 2018
Comments: 0

The EMV migration and fraud liability shift continue in the United States, and some issuers are still going through a natural re-issue process for both debit and credit card products to issue chip cards to their cardholders.  Many national issuers implemented chip card technology utilizing a mass re-issue strategy, while a small number of issuers haven’t started issuing chip cards. Others never plan to issue chip cards as there is no mandate requiring issuers to do so.  Issuers who choose to continue to issue magstripe cards instead of chip cards, and issuers who have not completed a natural re-issue, are deciding to accept the risk of the liability shift for fraudulent transactions. They are also taking the risk of losing cardholder transaction volume. 

Read more
Posted: Oct 23, 2018
Comments: 0
Author: Lou Grilli

Security For Your PCI Reports

A typical credit union downloads its report bundles daily from its processors. Usually, the only option is to store those highly sensitive Payment Card Industry (PCI) report bundles on a network drive, with some level of appropriate user access controls. The reports contain 16-digit card numbers, transaction-level details, and Personally Identifiable Information (PII) of credit union members. However, the network drive is not in a PCI compliant environment. Does this sound familiar? More importantly, do you know where your processor reports are being stored?

Read more
Posted: Sep 4, 2018
Comments: 0
Author: Lou Grilli

Understanding and managing the risks associated with the changing world of data security, and being prepared for breaches and how to respond, have become business necessities. This three-part series, based in part on a presentation given by Michele L. Cohen, a principal with the law firm Miles & Stockbridge P.C. at Trellance’s immersion 2018 conference, outlines the balancing act between convenience and data, and provides a framework for preparing for breaches and what actions to take in response. Part 1 focused on what is at risk; what causes breaches, and the fact that breaches are inevitable. Part 2 focused on planning and documentation for the inevitable. This Part 3, will explore three areas that require special attention: the legal considerations regarding breach notification; the contracts an organization has with vendors who have access to data; and having the right insurance coverage.

Read more
Posted: Aug 14, 2018
Comments: 0
Author: Lou Grilli

Planning for the Breach - the WISP and IRP

Understanding and managing the risks associated with the changing world of data security, and being prepared for breaches and how to respond, have become business necessities. This three-part series, based in part on a presentation given by Michele L. Cohen, a principal with the law firm Miles & Stockbridge P.C., at Trellance’s immersion 2018 conference, outlines the balancing act between convenience and data, and provides a framework for preparing for breaches and what actions to take in response. Part 1 focused on what is at risk; what causes breaches, and the fact that breaches are inevitable. This Part 2 will focus on planning and documentation for the inevitable.

Read more
Posted: Aug 1, 2018
Comments: 0
Author: Lou Grilli

Planning for a breach is a business requirement whether you have been breached or not.

“… credit unions are no longer flying under the radar – credit unions are targets of cybercriminal activity.” – Larry Fazio, Deputy Executive Director, NCUA

The increased use of mobile platform access, for both credit union staff and members, and the migration to cloud-based services is a trend for which there is no going back. The scalability, accessibility, as well as the ability to quickly and easily deploy new services have become business necessities to remain competitive and to continue to serve the needs of members. This also means some loss of control over security and compliance. Understanding and managing the risks associated with the changing world of data security, and being prepared for breaches and how to respond, have also become business necessities. This three-part series, based in part on a presentation given by Michele L. Cohen, a principal with the law firm Miles & Stockbridge P.C., at Trellance’s immersion 2018 conference, outlines the balancing act between convenience and data, and provides a framework for preparing for breaches and what actions to take in response.

Read more
RSS
12345678910Last

search

Featured Stories